cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-35149,https://securityvulnerability.io/vulnerability/CVE-2023-35149,Missing Permission Check in Jenkins Digital.ai App Management Publisher Plugin,"A critical vulnerability exists in the Jenkins Digital.ai App Management Publisher Plugin, where a missing permission check enables attackers with Overall/Read permissions to connect to arbitrary URLs. This exploit can lead to the unauthorized exposure of sensitive credentials stored within Jenkins, significantly compromising the integrity and security of the affected systems.",Jenkins,Jenkins Digital.ai App Management Publisher Plugin,6.5,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-06-14T13:15:00.000Z,0
CVE-2023-35148,https://securityvulnerability.io/vulnerability/CVE-2023-35148,Cross-Site Request Forgery Vulnerability in Jenkins Digital.ai App Management Publisher Plugin,"The Digital.ai App Management Publisher Plugin for Jenkins is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw permits attackers to forge requests to the Jenkins server, potentially allowing them to redirect connections to their own specified URL. Consequently, any credentials stored in Jenkins can be captured by malicious entities, posing a serious risk to user data and system integrity. Users of versions 2.6 and earlier should apply the recommended updates to mitigate this security concern.",Jenkins,Jenkins Digital.ai App Management Publisher Plugin,6.5,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2023-06-14T13:15:00.000Z,0